Topic: Warning! Be careful when you copy and paste bitcoin address from Electrum wallet (Read 413 times)

As simple user he has limited options for "installing" new things. He has access only to the non-system partitions and only his user keys in registry.
The malware will run only when the kid is playing. It's bad, but it cannot damage what's important.
And in my case he will also have to get over the Internet Security's "Auto-Containment" 


I know, I've done a super-simple one in my 3rd year at Uni. 
That was in MS-DOS/Win95. Now everything is much easier.


That's correct. At least for clipboard hijacking user's double check is something easy to do and should become almost a reflex.
Bitsler has this implemented at withdraw - it asks the user double check a few parts of the address for sure. But for a wallet to do this.. I don't know, it could be annoying for many users.

Well.. you are right.. but in this case we are really talking about very uneducated user regarding computers and 'technical stuff'.

Unfortunately UAC can almost always be bypassed if it is not explicitly set to the highest (most secure) option, which is not default.
There are numerous ways to bypass it, some are fixed, some are not.

So this makes it even more dangerous on a computer in comparison to an android 




But this still applies, no ?

On the computer malware could steal any data/files/etc. which the user (i.e. your kid) has access too (ignoring UAC exploits).
On an (unrooted) android the malware could only steal information in its user context (own app data) plus things possible with given permission (external storage, camera, etc..)

But accessing camera, storage, etc.. is always possible under windows. You don't even have to give permission for doing that.

One of the most dangerous things you can install on your mobile is a custom keyboard, which acts as a keylogger.
And on windows.. well.. it is not really hard to implement a keylogger.
You have about 3 different types of them:
- Via polling (GetAsyncKeyState)
- Via hooking (SetWindowsHookEx)
- Registering as input device

I mean.. hell.. there are 2 inbuilt accessible windows libraries available to create a keylogger with just a few lines of code.

If you refrain from installing a custom keyboard on an android, the chances of having a keylogger is close to zero (excluding unknown exploits), simply because an installed application has no access to the keyboard / buffer / etc.


Unfortunately this does not apply to OP's problem (clipboard hijacking), since this is readable for any application on android.

So, to get on-topic again, this also wouldn't have had him protected against this kind of malware.
I mean.. you could theoretically forbid applications to access the clipboard, but this also means you can't paste in them anymore.


I am no way saying that android is secure and windows is not.. however it is much easier to have your mobile clean than a windows computer.

But shared devices create new problems per se, whether smartphone, computer, tablet, etc.

It was that fix, and then that Huawei 


In my case it's not. On the computer the kids have "users" and I am the admin. On the phone they can install and run a "game" and I may find out about the "surprise" much later.


I'm not surprised. And I believe that some do that even without telling. It's just the next step after all that happens in the browsers.
That's why my Bitcoin wallets on Android never had useful private keys.

Well.. since you are giving them the permissions, that's nothing an AV software should block, unfortunately.

But the same applies to a desktop computer.
If you run an executable, it can create outgoing connections without being blocked. And if it is establishing an encrypted connection with TLS, there is nothing an AV can do to determine whether it is 'normal' or malicious traffic 

Malicious applications on a desktop computer can even do more harm than malicious apps on a mobile.
On a desktop computer, malware gains access to each file in the user context (basically everything except for system files and folders).
On an android, the malware does not get access to any data from a different application since android enforces application encapsulation. Each application is being run in a different user context.
Only data on the SD card can be accessed by any application. That's btw also the reason why one should never store sensitive data on the external memory.


The only 'one' i am completely trusting is Mr. Mathematics. He never lies.




What did i do or say? 
Well.. it doesn't matter. Better be HappyFish instead of NeuroticFish 

All right, you made my day 



I was told that I'm too pessimistic. Well, you are worse than me 


Although I do have AV on Android, even if many tell that it's useless (!!), it never cried about any of the installed programs.
So I don't know how Android "reacts" when you install app from Play Store and it's stealing your data.
I mean, an app can ask for certain rights (maybe even for good reasons!) and you'll grant them; then it's free to do whatever it wants.
So no, I am not certain about the security of mobiles.


Yup, "the biggest problem for computers sits between the chair and the keyboard".


LMAO!
I have Xiaomi and they did some updates too (although no Pie yet for me). But I'd not trust them, whether there's proof or not.
A bit of paranoia is necessary in this (Bitcoin) world.

Fixed that for you 




Well but 'security software' means a single AV software.
There are plenty of AV's available for android too. TBH, i would everyone recommend to install it on their mobile.




That's true, unfortunately.. Any OS is prone to that.

The biggest vulnerability is not sitting inside of the software or hardware, but in front of the monitor 




Ironically.. Huawei 

I know.. people can claim "uuhhh china is spying and collecting data..", to prevent such arguments:
1) there is not a single proof for them spying and
2) everyone collects data. And i feel i am less vulnerable if china has my data compared to the US

Huawei is doing a really good job at pushing out updates soon after google releases them.

That's correct, however, there's on small extra point to take into consideration.
There are plenty of users that know how to keep their windows safe and no idea about nix or android.
If you ask them get rid of windoze you may either lose them, either they'll make big mistakes. (Tbh I am a bit nervous myself when going onto nix.)
So.. no solution is perfect.


Since a big % of windoze users know / were told that windoze is not safe by default, they use to have some decent security software on. And then social engineering (including infected e-mails or games that work only if you disable the antivirus or whatever) remain the main entry point.


Wow, what maker? One of the reasons I gave up Samsung was the lack of updates.

A live OS is indeed a safer option, no doubts.

I am just sick of those people claiming mobiles are enormous unsecure by definition, while they are running a windows machine on their desktop.
I'd even go that far, to claim that compromising a windows machine is way easier then compromising an android mobile (given that both systems have the same 'level' of security measurements).

Excluding all social engineering - regarding only the technical aspects - windows is more prone to being compromised due to the extreme number of vulnerabilities (found and not found ones).


Btw.. my mobile is roughly 2 years old and still receives monthly updates. About 10-14 days after google releases them.

And since many smartphone manufacturers don't pay much attention to updating the OS after it's sold, and since many simply buy various Chinese smartphones (for better specs/price ratio), I'd say that an up-to-date live OS made only for this reason should still be the safest and easiest choice if one doesn't want to buy hardware wallet.

Using a live OS does not protect you against all kind of malware (i guess you wanted to say malware, not virus).

A virus is a subcategory of malware which spreads itself automatically through a network by exploiting vulnerabilities. You probably meant to talk about malware in general.




You are right.
An up-to-date android mobile is more secure than a windows computer.

That was probably a false positive. This issue has been addressed here. Altcoins miners and some software wallets are sometimes detected as malware. By the way, update Electrum.

Today, while trying to open my old wallet Electrum, the Trojan (Miner-AP trj) was detected by the Avast antivirus
I highly recommend use cold or hardware wallets

jesus, people, run your wallets on live version of OS to prevent all viruses. If you dont know what live OS is you shouldn't be using crypto and for those using mobile phones for crypto purpose, well sorry a phone doesnt even come close to a computer.

I guess that'll help you to read this: https://www.bleepingcomputer.com/news/security/clipboard-hijacker-malware-monitors-23-million-bitcoin-addresses/
In that article they've posted a (Virustotal.com) link with how the antiviruses detect a d3dx11_31.dll file infected with such trojan.

Another report is at symantec: https://www.symantec.com/security-center/writeup/2016-020216-4204-99?tabid=2

However, if you look at that VirusTotal link you'll see a number of names you can start with if you want to research deeper.

Fake wallets, "Bitcoin Generators", etc... basically anything. These kind of clipboard modifiers are common when we talk about malware.

Does anyone know how this copy and paste issue arise from?  People say malware but from where specifically?  Does anyone know?

I did a search and you're right. I was living with the (wrong) impression that the initial malware was smarter than I thought.
I guess that this was caused by the fact that one of the first cases I've seen discussions about that malware the good and bad addresses were at least having the first 3 letters identical.
But yes, it seems to be just simply the old malware.

i actually have never seen one that did that. are you sure you are not just talking about the theoretical hijacker? because i remember there was a discussion on bitcointalk about how they could do that using vanity generation technique but it would only be first 2 or 3 characters since it takes a lot more time if it is more and also there is absolutely no way you could have identical "end" since it is the checksum and with 1 bit difference in address the whole thing changes.

making money is the reason for it.

It looks like a dumber variant of the clipboard malware. Afaik at least the original one had the "common sense" to keep the start and the end identical with the original address.

With so many "electrum problems" lately, actually not related with Electrum at all, I wonder if it's not some campaign against Electrum, although I fail to understand what could be the reason for it.